[Apr 01, 2024] 312-96 Free Exam Questions with Quality Guaranteed [Q24-Q46]


NEW QUESTION # 24
Which of the following risk assessment models is used to rate threat-based risk to the application during the threat modeling process?

  • A. SMART
  • B. DREAD
  • C. STRIDE
  • D. RED

Answer: C


NEW QUESTION # 25
Thomas is not skilled in secure coding. He has neither undergone secure coding training nor is he aware of the consequences of insecure coding. One day, he wrote the code shown in the following screenshot. He passed the 'false' parameter to the setHttpOnly() method, which may result in a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.

  • A. Client-Side Scripts Attack
  • B. SQL Injection Attack
  • C. Directory Traversal Attack
  • D. Denial-of-Service attack

Answer: A


NEW QUESTION # 26
To handle exceptions globally, a developer should use the _________ annotation on a class along with the @ExceptionHandler method annotation.

  • A. @globalControllerAdvice
  • B. @GlobalAdvice
  • C. @ControllerAdvice
  • D. @Advice

Answer: C


NEW QUESTION # 27
Which of the following methods will help you check whether the DEBUG level is enabled?

  • A. IsEnableDebug ()
  • B. isDebugEnabled()
  • C. DebugEnabled()
  • D. EnableDebug ()

Answer: B


NEW QUESTION # 28
Which line in the following Java code example can make the application vulnerable to a session attack?

  • A. Line No. 3
  • B. Line No. 5
  • C. Line No. 1
  • D. Line No. 4

Answer: A


NEW QUESTION # 29
Identify the type of encryption depicted in the following figure.

  • A. Asymmetric Encryption
  • B. Hashing
  • C. Symmetric Encryption
  • D. Digital Signature

Answer: C


NEW QUESTION # 30
Identify the formula for calculating risk during threat modeling.

  • A. RISK = PROBABILITY * DAMAGE POTENTIAL
  • B. RISK = PROBABILITY * VULNERABILITY
  • C. RISK = PROBABILITY * ATTACK
  • D. RISK = PROBABILITY * ASSETS

Answer: A


NEW QUESTION # 31
Jacob, a Security Engineer on the testing team, was inspecting the source code to find security vulnerabilities.
Which type of security assessment activity is Jacob currently performing?

  • A. CAST
  • B. CAST
  • C. SAST
  • D. ISCST

Answer: C


NEW QUESTION # 32
In which phase of the secure development lifecycle is threat modeling performed?

  • A. Deployment phase
  • B. Testing phase
  • C. Coding phase
  • D. Design phase

Answer: D


NEW QUESTION # 33
Which of the following methods will you use in place of the ex.printStackTrace() method to avoid printing the stack trace on error?

  • A. ex.getMessage();
  • B. ex.getError();
  • C. ex.StackTrace.getError();
  • D. ex.message();

Answer: A


NEW QUESTION # 34
Oliver, a Server Administrator (Tomcat), has set the configuration in the web.xml file as shown in the following screenshot. What is he trying to achieve?

  • A. He wants to transfer only session cookies over an encrypted channel
  • B. He wants to transfer only request parameter data over an encrypted channel
  • C. He wants to transfer the entire data over an encrypted channel
  • D. He wants to transfer only response parameter data over an encrypted channel

Answer: C


NEW QUESTION # 35
A developer has written the following line of code to handle and maintain the session in the application. What did he do in the scenario below?

  • A. Maintained the session by creating an HTTP variable user with the value stored in the uname variable.
  • B. Maintained the session by creating a Session variable user with the value stored in the uname variable.
  • C. Maintained the session by creating a Cookie user with the value stored in the uname variable.
  • D. Maintained the session by creating a hidden variable user with the value stored in the uname variable.

Answer: B


NEW QUESTION # 36
Which of the following threat classification models is used to classify threats during the threat modeling process?

  • A. SMART
  • B. DREAD
  • C. STRIDE
  • D. RED

Answer: C


NEW QUESTION # 37
The threat modeling phase where applications are decomposed and their entry points are reviewed from an attacker's perspective is known as ________

  • A. Attack Surface Evaluation
  • B. Threat Classification
  • C. Impact Analysis
  • D. Threat Identification

Answer: A


NEW QUESTION # 38
Which of the following relationships is used to describe abuse case scenarios?

  • A. Threatens Relationship
  • B. Extend Relationship
  • C. Mitigates Relationship
  • D. Include Relationship

Answer: A


NEW QUESTION # 39
Sam, an application security engineer working at INFRA INC., was conducting a secure code review on an application developed in Java. He found that the developer had used the piece of code shown in the following screenshot. Identify the security mistake the developer has made.

  • A. He is attempting to use blacklist input validation approach
  • B. He is attempting to use client-side validation
  • C. He is attempting to use regular expression for validation
  • D. He is attempting to use whitelist input validation approach

Answer: A


NEW QUESTION # 40
Which of the following elements in the web.xml file ensures that cookies will be transmitted over an encrypted channel?

  • A. <connector EnableSSL="true" />
  • B. <connector IsSSLEnabled="Yes" />
  • C. <connector SSLEnabled="false" />
  • D. <connector SSLEnabled="true" />

Answer: D


NEW QUESTION # 41
Stephen is a web developer at InterCall Systems. He was working on a real estate website for one of his clients and was given the task of designing a web page with a property search feature. He designed the following searchpage.jsp:
<form id="form1" method="post" action="SearchProperty.jsp">
<input type="text" id="txt_Search" name="txt_Search" placeholder="Search Property..." />
<input type="submit" id="Btn_Search" value="Search" />
</form>
However, when the application went into the security testing phase, the security tester found an XSS vulnerability on this page. How can he mitigate the XSS vulnerability on this page?

  • A. He should write code like out.write("You Searched for:" + request.getParameter("txt_Search"));
  • B. He should write code like out.write("You Searched for:" + ESAPI.encoder().encodeForHTML(search));
  • C. He should write code like out.write("You Searched for:" + search);
  • D. He should write code like out.write("You Searched for:" + request.getParameter("search").toString());

Answer: B


NEW QUESTION # 42
Identify the type of attack depicted in the figure below:

  • A. Parameter/form attack
  • B. Directory traversal attack
  • C. Session fixation attack
  • D. SQL injection attack

Answer: C


NEW QUESTION # 43
......
